SecOps

Question 1

Differential versus incremental backup

Answer 1

Differential: backup everything since last FULL backup
Does not clear the archive bit

Incremental : backup everything since last backup
Clears the archive bits

Question 2

Copy backup ?

Answer 2

Full backup without archive bit, used before system upgrades or patching

Question 3

Miroring

Answer 3

Copying data exactly to other disk. Raid 1 for example

Question 4

Stripping

Answer 4

Using multiple disk to write
If parity, we could retrieve data if we are loosing a disk, with no parity we loosing data but write faster

Question 5

Raid 0

Answer 5

Stripping without parity

Question 6

Raid 1

Answer 6

Mirror, 2 disks with identical data

Question 7

Raid 5

Answer 7

Stripping with distributed parity, need at least 3 disks

Question 8

Database shadowing

Answer 8

Exact real copy on other location

Question 9

Electronic Vaulting

Answer 9

E-vaulting
Using a remote backup service, backup are sent off-site electronically at certain interval

Question 10

Remote journaling

Answer 10

Sends transaction log file to a remote location

Question 11

Lifecycle of DRP

Answer 11

Mitigation
Preparation
Response
Recovery

Question 12

Rescue team

Answer 12

Activation/notification
Ecacuate employe
Notify
Pull the cable from infected servers
Shut down system

Question 13

Recovery team

Answer 13

Failover
Responsible for getting the alternate site running
System rebuilmost critical systems first

Question 14

Salvage team

Answer 14

Failback
Responsible for returning to primary site
Least critical applications first to be sure it’s stable

Question 15

Redundant site

Answer 15

Complete identical site to our production
Having staff at it

Question 16

Hot site

Answer 16

Similar to redundant sote but only critical applications and sys
Lower specs sys often
Manual switch, < 1h

Question 17

Warm site

Answer 17

Similar to the hot sote but not real time data
Often restore from backup
Switch manually around 4-24h

Question 18

Cold site

Answer 18

Only having UPS, hvac, isp, generator but no system (need to be acquired)
The cheaper ans longer options can be > weejs

Question 19

COOP

Answer 19

How we keep operating in a disaster
Staff to alternate sites
What are all the operationnal things we need ?

Question 20

Cyber Incident Response Plan

Answer 20

Could be part of the DRP or not
Ddos, worms, ransomware, etc

Question 21

OEP Occupant Emergency Plan

Answer 21

How do we protect our staff, facilities in a disaster event

Focus on safety and evacuation, details how to evacuate, how often do our drills and the training

Question 22

2 Network forensic form ?

Answer 22

Catch it as you can: all packet passing through a certain traffic captured and then analysis in batch mode

Stop, look and listen: each packet is analyzed and only certain informations is saved for future

Question 23

MOU/MOA

Answer 23

Memorandum of Understanding/ Agreement

Staff are responsible for certains activities, legal documents